Digital signatures (and the accompanying concepts of encryption and authentication) have been a critical aspect of electronic communications for several years now, and both regulatory bodies and businesses continue to demonstrate a vested interest in the continued growth and advancement of this field.
A popular point of discussion and research among businesses in the EU is eIDAS, the EU regulation on the use of identification and trust services for electronic transactions in the internal market. Not only is eIDAS required for legally-compliant digital signatures, it's also part of a greater picture of technological innovation and growth within the EU.
While eIDAS was formally adopted in July of 2014, there is still a great deal of innovation and discussion occurring regarding best practices for implementing compliant tools and processes. Therefore, it is critical that executives and security stakeholders understand eIDAS and the implications of this regulation for the future of their business, both in terms of technological investments and for the sake of the growth and security of the business.
Where did eIDAS originate?
It's important to consider the source of the eIDAS regulation as a means of comprehending the purpose of the framework and gaining a glimpse of its future direction. eIDAS originated from the European Commission focused on the "Digital Agenda" for Europe. This group helps ensure that policy and strategy recommendations align with the digital growth that the EU needs to continue to prosper in the coming years.
- This is the first key point about eIDAS: eIDAS is about innovation.
- Neither older, less secure technologies nor newer ones that are not sufficiently tested will suffice; eIDAS is meant to push organizations toward the highest levels of innovation and security that exist.
Key Aspects of eIDAS
There are two key ideas around which eIDAS is focused: interoperability and transparency.
- Interoperability - eIDAS is designed to ensure that (trusted) electronic IDs and signatures used by one country are recognized and easily usable within the electronic environment of another country.
- As part of eIDAS, member nations are required to develop a common framework upon which member states can recognize the eID of another member state, and ensure its security and authenticity.
- By developing a centralized means by which to recognize digital IDs, it is easier to facilitate cross-border digital signatures and carry out international business needs.
- Transparency - eIDAS also involves clearly identifying a widely-available list of trusted services which can be used in the context of a centralized signing framework.
- Transparency enables all EU security stakeholders to engage in dialogue regarding the most secure and accepted tools and technologies for digital signatures.
- As part of the directives on transparency, the specific formats that are recognized by the public sectors within member states are also detailed.
What's Next?
There are several ways that decision-makers and stakeholders can help the eIDAS initiative (and their organization) move forward:
- Understand the regulations and guidelines that comprise eIDAS.
- Adopt, use and encourage technologies that facilitate a centralized digital signature infrastructure.
- Partner with solution vendors that are truly providing next-generation digital signature technologies.
eIDAS is just one element of the exciting technological innovations that are to come for the EU and its businesses through future similar dialogues and frameworks. Organizations must understand eIDAS and its intentions and key goals in order to be part of the next-generation technology era in the EU.
There are multiple resources available for those who wish to further research the technical details of eIDAS, and it is certainly not wasted time to further explore this revolutionary framework.
References and Further Reading
- Selected articles on Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Peter Landrock, Torben Pedersen and Dawn M. Turner
- Trust Services and eID (retrieved 11.01.2016) by the European Commission
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
Cover image: courtesy of Plantronics Germany, Flickr